Mapping engine does not handle regex properly
Currently, if there is more than one assertion value (the list of group ids returned from the IdP), then when using regex to compare against the mapping values, only the first values are used. Change-Id: Iba7d455ef0d5fc2d4ac16f4a7eb553845270fb2c Closes-Bug: #1321536
parent
455d50e8ae
commit
713ddcf0b3
|
@ -403,7 +403,11 @@ class RuleProcessor(object):
|
|||
return False
|
||||
|
||||
if regex:
|
||||
return re.search(values[0], assertion_values[0])
|
||||
for value in values:
|
||||
for assertion_value in assertion_values:
|
||||
if re.search(value, assertion_value):
|
||||
return True
|
||||
return False
|
||||
|
||||
any_match = bool(set(values).intersection(set(assertion_values)))
|
||||
if any_match and eval_type == self._EvalType.ANY_ONE_OF:
|
||||
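Review bot: The regex branch returns `True` or `False` on its own, before `eval_type` is consulted a few lines further down, so a rule that combines `regex` with anything other than `ANY_ONE_OF` (a negated rule type, if the class defines one) would be satisfied by a match instead of being rejected by it. Because this result decides which local groups a federated user is mapped into, the regex path should feed the same `any_match` variable as the exact-match path: `any_match = any(re.search(v, a) for v in values for a in assertion_values)` under `if regex:`, with the existing set intersection under `else:`. The enclosing method starts and ends outside the hunk, so the remaining `eval_type` checks are not visible here.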
|
|
|
@ -193,7 +193,6 @@ MAPPING_LARGE = {
|
|||
]
|
||||
}
|
||||
|
||||
|
||||
MAPPING_BAD_REQ = {
|
||||
"rules": [
|
||||
{
|
||||
|
@ -417,6 +416,43 @@ MAPPING_EXTRA_RULES_PROPS = {
|
|||
]
|
||||
}
|
||||
|
||||
MAPPING_TESTER_REGEX = {
|
||||
"rules": [
|
||||
{
|
||||
"local": [
|
||||
{
|
||||
"user": {
|
||||
"name": "{0}",
|
||||
}
|
||||
}
|
||||
],
|
||||
"remote": [
|
||||
{
|
||||
"type": "UserName"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"local": [
|
||||
{
|
||||
"group": {
|
||||
"id": TESTER_GROUP_ID
|
||||
}
|
||||
}
|
||||
],
|
||||
"remote": [
|
||||
{
|
||||
"type": "orgPersonType",
|
||||
"any_one_of": [
|
||||
".*Tester*"
|
||||
],
|
||||
"regex": True
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
EMPLOYEE_ASSERTION = {
|
||||
'Email': 'tim@example.com',
|
||||
'UserName': 'tbo',
|
||||
|
@ -462,7 +498,7 @@ TESTER_ASSERTION = {
|
|||
'UserName': 'testacct',
|
||||
'FirstName': 'Test',
|
||||
'LastName': 'Account',
|
||||
'orgPersonType': 'Tester;'
|
||||
'orgPersonType': 'MadeupGroup;Tester;GroupX'
|
||||
}
|
||||
|
||||
BAD_TESTER_ASSERTION = {
|
||||
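Review bot: The pattern `".*Tester*"` in `MAPPING_TESTER_REGEX` reads like a shell glob. As a regular expression the final `*` applies only to the `r`, and because the engine uses `re.search` the leading `.*` adds nothing, so the rule matches any `orgPersonType` value that contains `Teste`. A fixture that grants `TESTER_GROUP_ID` is likely to be copied as an example, so it is worth anchoring it to the whole group name, `"^Tester$"`. That still matches the `Tester` element of the updated `TESTER_ASSERTION`, assuming the `;`-separated value is split into separate assertion values before matching, which is not visible in this section.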
|
|
|
@ -609,6 +609,28 @@ class MappingRuleEngineTests(FederationTests):
|
|||
self.assertRaises(exception.Unauthorized,
|
||||
rp.process, assertion)
|
||||
|
||||
def test_rule_engine_regex_many_groups(self):
|
||||
"""Should return group CONTRACTOR_GROUP_ID.
|
||||
|
||||
The TESTER_ASSERTION should successfully have a match in
|
||||
MAPPING_TESTER_REGEX. This will test the case where many groups
|
||||
are in the assertion, and a regex value is used to try and find
|
||||
a match.
|
||||
|
||||
"""
|
||||
|
||||
mapping = mapping_fixtures.MAPPING_TESTER_REGEX
|
||||
assertion = mapping_fixtures.TESTER_ASSERTION
|
||||
rp = mapping_utils.RuleProcessor(mapping['rules'])
|
||||
values = rp.process(assertion)
|
||||
|
||||
user_name = assertion.get('UserName')
|
||||
group_ids = values.get('group_ids')
|
||||
name = values.get('name')
|
||||
|
||||
self.assertEqual(user_name, name)
|
||||
self.assertIn(mapping_fixtures.TESTER_GROUP_ID, group_ids)
|
||||
|
||||
def test_rule_engine_any_one_of_many_rules(self):
|
||||
"""Should return group CONTRACTOR_GROUP_ID.
|
||||
|
||||
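Review bot: The docstring of `test_rule_engine_regex_many_groups` says the result should be `CONTRACTOR_GROUP_ID`, while the assertion checks for `mapping_fixtures.TESTER_GROUP_ID`; the summary line should read `"""Should return group TESTER_GROUP_ID.`. The test also covers only the matching case. A companion test with several groups in the assertion, none of which match the pattern, would pin the deny path of the new loop; the neighbouring test suggests the expected outcome there is `exception.Unauthorized`. For a mapping engine the deny path is the one a regression would turn into unintended group membership.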
|
|